What recourse for a nation under cyberattack?

Almost none. No international framework exists to identify or sanction an attacking country.

By , Contributor to The Christian Science Monitor

When a nation's cybernetwork is attacked by another nation – as is suspected to be the case in South Korea and the US earlier this week – what official recourse does it have?

The short answer: not much.

The international community has yet to devise a legal framework relating to cyberattacks, or even agree upon a basic definition of the term. Development of an official framework is probably still years away, though organizations including the United Nations are beginning to discuss this issue.

Recommended: Default

"We need rules of engagement to define what governments can do and can't do," says James Lewis, senior fellow at the Center for Strategic and International Studies. "We have to stop treating the Internet like the wild, wild West."

Absent any legal guidelines, a nation's responses to cyberattacks are largely diplomatic. (Often, though, a nation will not make public that websites or networks have been jammed or impaired by an enemy attacker. Acknowledging an attacker's success signals vulnerability or impotence, experts say.)

If it was North Korea, what to do?

In the attack over the July 4 weekend of 27 South Korean and American websites, North Korea is the chief suspect. Any potential response is complicated by Pyongyang's political isolation.

"We can't sanction [North Korea's] trade, because we already do. We can't do financial sanctions, because we already do that. We can't close an embassy because they don't have one," says Mr. Lewis. "The [North] Koreans are invulnerable because we've cut them off, and they take advantage of that."

Even proving that North Korea is the antagonist, however, is problematic.

The attacks – known as denial of service attacks because they temporarily render websites inaccessible – have not been directly or definitively linked to North Korea, says Amy Kudwa, spokeswoman for the Department of Homeland Security (DHS).

Hard to know the real culprit

Despite increasingly sophisticated technology available to investigators, cyberattacks remain difficult to source.

"Simply measuring the volume of [attacking] computers and what country they're in may not tell you anything about the actual source of the attack," says Jonathan Zittrain, a law professor at Harvard University and cofounder of the Berkman Center for Internet and Society. "It could be a 12-year-old child in Europe, and the computers that are doing the attacks are all in China."

Moreover, cyberattacks occur frequently – though it's hard to know how often it's another country behind them.

"We face them every day," says DHS's Ms. Kudwa, who declined to comment specifically on attacks originated by other nations. "The vast majority are unsuccessful."

Aside from the sheer size of the assault, investigations into who dunnit are complicated by the fact that no single US agency is responsible.

"There are overlapping jurisdictions," Professor Zittrain says, adding that the FBI, the Department of Defense, DHS, or even the office of the Director of National Intelligence could be involved in an investigation.

'Patriot hackers' as proxies

Establishing whether a foreign government is behind an attack is still more difficult. So-called "patriot hackers" are not directly employed by a country's government but often operate with officials' knowledge or encouragement.

This is thought to be the case in the most well-known cyberattack, on Estonia in 2007. Estonia has accused Russia of orchestrating the attack that crippled dozens of its government and corporate websites, but the Baltic country has not released any information publicly to prove its claim.

Because of the relatively minor and unsophisticated nature of the attacks and the difficulty in attributing them with any certainty to North Korea, it's unlikely that the US will respond at all.

Still, these attacks shouldn't be ignored, says Lewis. They are a sign that the US still has not secured critical infrastructure.

"If the most simple attack can knock [some government agencies] offline," he asks, "what would a more sophisticated attack do?"

-----

Follow us on Twitter.

Share this story:

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...